Forensic Analysis of Private Browsing Modes - Assignment Example

Forensic Analysis of private browsing modes Name Course Name and Code Instructor’s Name Date Contents Introduction 3 Internet Explorer 3 Google chrome 5 Evidential artifacts left when using Mozilla Firefox private browsing mode 6 Evidential artifacts left when using Safari private mode 7 Reference 13 Introduction Computer forensic is one of the branch of the digital forensic science that deals with the legal evidence that is found in the storage media that are digital and computers (Smith & Bace, 2003). It is aimed at the examination of the digital media but in a forensic manner for the purposes of identifying, recovering, preserving, and analyzing as well as presentation of the facts and also the opinions about all of the information in question. It is not only used in the investigation of the computer crimes but also for use during the civil proceedings. It is also used in the process of data recovery incase of loss but it is used with some additional guidelines as well as practices for the creation of legal trail audit. Evidence that is presented from the investigations of computer forensic must be subjected to practices and guidelines that are designed for the purposes of other digital evidence (Eoghan, 2002). It has been used for many years for very high profile cases and it has been adapted mainly in the United States of America as well as in many countries in Europe court systems. Internet Explorer Internet explorers was developed in the year 2008. It was released and launched with a package of windows internet explores 8 readiness which was a toolkit website designed for the promotion of internet explorer white papers, some related tools for software, some new features like the links with Beta for download (Davis, 2008). Some very important feature were introduced which includes inprivate mode, color coding, tab isolation, and improved standards. Some of the other added features for the explorer includes accelerator, auto complete changes, developer tools, favorite bar, automatic tab crash recovery, inline search but within the pages, inprivate, smart screen filter, stability and performance feature, zooming and imaging scaling, authenticated feeds and web slices AND multilingual user interface (MUI). A study looking at Internet Explorer’s InPrivate browsing found out that files downloaded and favorite added in InPrivate Browsing mode were still present on the system (virtual machine) although the InPrivate Browser had been closed (Microsoft 2011). This was expected because the producers of InPrivate Browser, Microsoft, warn users not to use Favorites while in InPrivate Browsing. However, Microsoft does not warn users on downloads so it was not expected. This implies that some evidential artifacts are left while browsing using private browsing modes (Aggarwal 2010).However, browsers such as Firefox warn users about downloading while in private browsing mode and thus this is expected across various private browsing modes. An examination of the $LogFile which is located at the root of the system drive provided references to controlled browsing sessions (Aggarwal 2010).However, the investigators discounted this as evidential artifact since the references referred to favorites. Another evidential artifacts in browsing mode could be obtained in the $MFT file that is located at the root of the system drive. This file has information about the system files and has information such as file names, cluster information, time stamps and file attributes (Shelly & Vermaat 2009). One of the artifacts provided by this file on private browsing is also references to the controlled browsing session that is related to favorites (Gibson 2011). Another reference found in a study about this file related to twitter.com although it was not established whether it was related to twitter.com found in favorites or from another source (James et al. 4). It has also been documented that evidential artifacts about private browsing may be obtained from temporary internet files (Aggarwal 2010).Although some files are deleted after exiting the private browsing mode, it has been documented that most of these files can be obtained from recovery folder which often has index.dat file that has multiple references to websites visited and actions performed while browsing using private browsing mode. The index.dat file is extremely hard to find and is locked and hence windows prevents it from being deleted (Granneman 2011). The file provides database on information such as search queries, visited websites and recently opened files. Thus this file is helpful to forensic investigators who are interested in recovering internet browsing activities carried out using the InPrivate Browsing feature of internet explorer (Microsoft 2011). Another file that can provide evidential artifacts while browsing using private browsing mode is the download history folder. The file is able to provide the URL of the downloaded file and the location to which the file is downloaded to. Google chrome Google chrome is one of the compute features for browsing and it is a feature that is in use for the computer forensic (Sammes & Jenkinson, 2003). It was built not only with an aim of making browsing much faster but also for the purpose of improving privacy of the information in the process of helping to protect that information that is usually shared online. Forensic computer is becoming an important feature because the computers use is in the increase and especially as one of the most reliable source of evidence of the crime commission (Garrison, 2003). It should be noted that its use must be guided by a number of principles which are key in enabling the investigators to prove the authenticity of the information. Some of the principles that are involved in the process include password protection as well as data encryption, the procedures for evaluation that are used in the process of circumventing the system’s security systems and especially the internal. The project is aimed at investigating the ability of the providing privacy by the browsing modes. This is because the private mode of browsing is basically provided for the people such that there will be traces of browsing activity left after browsing. Browsing can be done in the computers or even via the phone. This is because with the changed and innovations that are taking place in the world, phones are becoming the greatest or widely used internet or browsing gargets. All extensions in Google Chrome’s Incognito mode are disabled and hence little or no evidential artifacts related to extension are left behind after the user exits the browser. However, the mode allows cookies some of which may remain undeleted after exiting the browser and might be an avenue for evidential artifacts in forensic work (Aggarwal 2010). Evidential artifacts left when using Mozilla Firefox private browsing mode The Firefox has a do not track feature that turns of cookies thus users of private mode have the option of turning off cookies. This implies that users in the private mode who do not turn off their cookies can still leave evidential artifacts on their computers in terms of cookies that can be used forensic experts to extract incriminating evidence about the user after exiting the browser. Furthermore, it has been established that there are Mozilla add-ons which have the capability of obtaining and storing browsing data. This can also be utilized for forensic purposes (Aggarwal 2010). Evidential artifacts left when using Safari private mode Even though it said that safari private browsing features greatly limits the tracks left by the user when browsing the web, studies have indicated that using a terminal command anyone can access a list of websites visited even when the user was using the safari’s private browsing feature (Aggarwal 2010). A summary of the published work Forensic computing entails four main elements. They include the identification of the digital evidence, the preservation of that digital evidence, the analysis of the digital evidence and finally the presentation of the digital evidence. It should be noted that what really matters is that the investigator must provide legally acceptable evidence (Mahendrakar et el, 2010). Google chrome has been offering the incognito mode of browsing. This is whereby the webpage that one opens and then the files are then downloaded while the person is still in the incognito such that they are not recorded in the person’s browsing as well as downloading history. All the new cookies are also deleted but after one closes all the incognito windows that one had opened during browsing. The changes that have been mad to one’s Google chrome bookmarks as well as the general settings while the feature of the incognito mode was running are also automatically saved. This means that incase there is a mistake done or a fraud done, then it will be saved. Meaning the investigators will be able to get the information. The incognito mode can be used when one does not want his or her browsing history to be recorded or retrieved later. The privacy preferences also can be used control one’s privacy preferences from the dialogue box of options which is located under the hood tab (Eoghan, 2002). There is also an option of clearing the browser data. One can also control the privacy preferences and especially for the images, JavaScript, plugins and cookies. Millions of people are currently using the mobile social networking connected to the network services as their main ways of connecting as well as interacting with each other. This means that there is a great need for the security as far as the users are concerned (Said et el, 2011). The problem has been arising due to the fact that most of the mobile phones have not been designed in a way that the problem has been taken care of. This is why, even though a company has put into very well consideration the issue of the 4p’s, it is not functional due to the fact that the area of security has not been catered for by many of the companies. A number of contributions have however been made towards dealing with the problem. Three classes of privacy as well as security have been identified wit reference to the social networking which are as follows; issues that are referred to as direct anonymity, the indirect or the issues which are K-anonymity and finally the issues that are associated with eavesdropping, replay, spoofing or wormhole attacks (Eoghan, 2002). These problems have been presenting problems in the area of security and also privacy in the social networking in very different ways. Also a design has been presented which is referred to as the identity server and is very useful to the provision of the privacy and the security problems existing. The severs is actually manufactured in such a way that it establishes or adapts security as well as technology for the provision of the novel solution to the problems associated with the social networking through the mobile phone. The technology involved in the process of installing the security systems in the smart phones are quiet complicated this because it entails the installation in the phones of different model and make (Manikandan et el, 2009). Also the rate which the social network is growing is very high in such a way that so many social network programs have come up like twitter, yahoo message and face book among other. Also, the fact that millions of people are usually using the same social network at the very same time means that the provision of their security all at the same time is very difficult at some point. All the mobile providers have therefore come up with means and ways of providing the security to the users through installing the application on their phones some of the most commend and very well installed security and privacy programs in the mobiles are found in the blackberry and the Iphone (Panagiotis, 2006). A number of problems are associated with the technology of the provision of these services. Some of these problems ranges from peer to the peer issues as well as the client sever mobile issues of the social networking. This means that even the problems that are experienced depends on which type of mobile networking operation is involved in particular. The social networking online deals with a real relationship of friendship in real such that friend are able to exchange gifts, notes as well as massages (Kaasinen, 2003). But this process also involves the beings ability to access each others private as well as very confidential massages hence the need for security to ensure any person does not just gain access without authorization from the owner. Some privacy authorization policies have also been invented for the social networking users. This is whereby the uses have been given the mandate to define the rules which will allow the access of their information form their friends, some specific individuals as well as particular groups of people (Panagiotis, 2006). These rules are also very important since they allow the users or the friends to know which particular information they are allowed to access and at which particular time. Also there is protection for the people who are viewing the profile of the individual in the sense that there is no application at the moment that enables the user to view and know who has viewed his or her profile at what given time hence the viewer is protected as well as his or her location that he or she was when viewing the information (Eoghan, 2002). An application in the SNS social networking site has been invented to enable the user block some of the fiends they feel are not worthy to access their profile (Fraser & Dutta, 2008). This happens when they feel the particular friends are harassing or they are misusing their privacy information for their own gain. In such cases, he friend that is blocked is never able to exchange any kind of information with the other friend. This kind of a feature is very helpful to many people who have not been able to deal with the issues of online burying which can at time cause very serious emotional trauma (Liu et el, 2003). Some of the people are also very active in posting very offensive comments as well as pictures on the social networks which are capable of causing serious emotional stress as well as trauma. A research done by one psychologist shows that several f the teenagers are never interested in the use of MySpace because of the fact that they are limited to the kind of friends they want to have, so many of them are very adamant to accept friendship through the social network because of the issue of online bullying. Forensic computing poses a number of challenges and this is due to the increase in the use of computer based gargets for gathering evidence. This poses so many challenges to the experts and the people who use the skills (Kruse & Heiser 2002). Matter like the computer security breaches, legal acceptability and the authenticity of the court room materials, the computers that were specifically used for the commission of the crimes, computer based devices and the computer that was targeted by the crimes are very vital and when not well identified then there poses great challenges especially in determining the authenticity of the information. With the advancement in technology, there are some challenges that are facing the experts or the investigators that use the computing technology for forensic evidence. Issues of resourcing, policy, procedure, organizational changes and training must be dealt with properly (Kim & Allen, 2002). Most of the challenges that may face the investigators are technical like the operating systems, functionality and design, the text based interface, the graphic user designer, data volume, encryption and digital devises. Forensic examiners face some challenges. They must at whatever cost seek as well as provide their very own training on the issue of an ongoing basis. For them it is very changing in that it poses confusion since it is still a new discipline that many people do not know how to apply (Fraser & Dutta, 2008). The internet explores has also be en exposed to a numerous security vulnerability as well as concerns. Some of these includes imposes viruses, spyware and adware. There very important issues that the investigators must observe to ensure that the forensic evidence is not altered (Panagiotis, 2006). They are also the rules of forensic computing which are as follows; The original must be minimal handled Any changes that are made should be well accounted for in a documented form The rules of the evidence must be complied with One should not exceed his or her knowledge Conclusion Given the fact that there is a great increase in the computer based kind of crimes and especially in the contemporary world, a number of issues must be given great concern. This is especially with reference to the use of social network for communication. The Google chrome and internet explorer are very important in solving the problem. Social networking site are very important as well as useful when well used (Boyd & Ellison, N. 2007). They are one of the main ways in which people are able to communicate with their loved ones anywhere in the world. However, the issue of security is very important in that interpersonal communication has been misused by some people in that they take it as one of the ways in which they bully others. Due to that, there has been a need for the installation of security and privacy settings to ensure that people are comfortable using the social network (Aggarwal et el, 2010). The social network users are therefore provided with many ways in which they can set their privacy settings to be able to control who gains access to their information through defining and setting some rules. Also by doing that the social networking site operating software, is able to ensure the security of the users is not compromised in any particular way. Reference Aggarwal, G., Bursztein, E., Jackson C., Boneh, D. 2010. An analysis of private browsing mode in popular browsers. Oxford: oxford university press. Apple Inc. Safari web browser. http://www.apple.com/safari/. Boyd, D.& Ellison, N. 2007. "Social Network Sites: Definition, History, and Scholarship". Journal of Computer-Mediated Communication 13 (1). http://jcmc.indiana.edu/vol13/issue1/boyd.ellison.html. Chrome. Using the Incognito mode (private browsing). Viewed on 7 November, 2011, http://www.google.com/support/chrome/bin/answer.py?answer=95464 Collin Jackson Gaurav Aggarwal,Elie Burzstein and Dan Boneh. An analysis of private browsing modes in modern browsers. unpublished, April 2010. Privatebrowsing modes. Collin Jackson. Detection of private browsing mode. http://crypto.stanford.edu/˜collinj/ research/incognito/. Davis, S. 2008. Private Browsing: Detection and Evidential Artefacts. London: Kogan Page Publishers. Eoghan, C. 2002. Handbook of computer crime investigation: forensic tools and technology. California: Cengage Learning EMEA. Fraser, M. & Dutta, S. 2008. Throwing Sheep in the Boardroom: How Online Social Networking Will Transform Your Life, Work and World. Wiley. ISBN 978-0470740149. http://books.google.com/?id=SP92NwAACAAJ. Garrison, D. 2003.Regional computer forensic laboratories. Evidence Technology Magazine 1, 4 (Nov./Dec. 2003); www.evidencemagazine.com/issues/novDec03/RCFL.htm. Gibson, D. Microsoft Windows Security Essentials. New York: John Wiley and Sons, 2011. Google Inc. Google chrome. http://www.google.com/chrome. Granneman, S. Mac OS X Snow Leopard for Power Users: Advanced Capabilities and Techniques. New York: Apress, 2010. James Irving Aditya Mahendrakar and Shivam Patel. Detection of private browsing mode. http://www.mocktest.net/ timing_test.htm. James Irving Aditya Mahendrakar and Shivam Patel. Forensic Analysis of Private Browsing Mode in Popular Browsers. http://www.mocktest.net/ timing_test.htm. Kim, K. S., & Allen, B. 2002. Cognitive and task influences on web searching behavior. Journal of the American Society for Information Science and Technology, 2, 109-119. Kruse, W. and Heiser, J. 2002. Computer Forensics—Incident Response Essentials. Canada: Addison-Wesley.002. Ledford, J., and Davis, Y. Web Geek's Guide to Google Chrome. New York: Que Publishing, 2009 Liu, Y., Lin, F., & Wang, X. 2003. Education practice and analyzing behaviour of students in a web-based learning environment: An exploratory study from China. Online Information Review, 27 (2), 110-119. Mahendrakar A, Irving J, Patel S, 2010. Forensic Analysis of Private Browsing. Cambridge: Cambridge university press. Manikandan, A., Anubuoli,P. &Saikishore, E. 2009. International Conference on Computer Applications – Networking.Canada: Research publishing service. Microsoft Inc. Microsoft internet explorer. http://www.microsoft.com/windows/internet- explorer/default.aspx. Microsoft. InPrivate Browsing. Viewed on 8 November, 2011, http://msdn.microsoft.com/en- us/ie/Video/dd721901 Miller, M. Using Google Chrome OS. New York: Que Publishing, 2011 Morley, D. Understanding Computers in a Changing Society, 4th Ed. London: Cengage Learning, 2010. Morley, D., and Parker, C. Understanding Computers: Today and Tomorrow, Comprehensive, 13th Ed. London: Cengage Learning, 2010 Mozilla Inc. Mozilla firefox. http://www.mozilla.com/en-US/firefox/personal.html. Orchilles, J. and Cherry, D. Microsoft Windows 7 Administrator's Reference: Upgrading, Deploying, Managing, and Securing Windows 7. New York: Syngress, 2010 Panagiotis, K.2006. digital crime and forensic science in cyberspace. Chicago: university of Chicago press. Said H, Al Mutawa N, Al Awadhi I, Guimaraes M .2011. Forensic analysis of private browsing artefacts, Innovations in Information Technology (IIT) (last accessed 18/10/2011). Sammes, A & Jenkinson, B. 2003. Forensic computing. New York: Springer. Shelly, G. and Vermaat, M. Discovering Computers & Microsoft Office 2010: A Fundamental Combined Approach. London: Cengage Learning, 2011 Shivam Patel Aditya Mahendrakar, Jim Irving and Krishna Santosh Reddy Suravaram. Memory parser: A forensic analysis framework for windows memory. unpublished, April 2010. Java reimplementation of Volatility framework Smith, F. and Bace, R. 2003. A Guide to Forensic Testimony. Canada: Addison-Wesley. Team Incognito. Network security project testbed. http://mocktest.net. Teeter, R., and Barksdale, K. Google Sites & Chrome for Dummies. New York: John Wiley & Sons, 2009 VMWare Inc. Vmware workstation. http://www.vmware.com/products/workstation/. Read More